Configure IDM user for workflow when Global Security is enabled in WebSphere


Article ID: 36464


Products

CA Identity Manager, CA Identity Governance, CA Identity Portal, CA Risk Analytics, CA Secure Cloud SaaS - Arcot A-OK (WebFort), CLOUDMINDER ADVANCED AUTHENTICATION, CA Secure Cloud SaaS - Advanced Authentication, CA Secure Cloud SaaS - Identity Management, CA Secure Cloud SaaS - Single Sign On

Issue/Introduction

 

Symptoms:

When Identity Minder (IM) workflow is turned on, the application log might show these error messages:

 

javax.naming.AuthenticationException: Login failed: com.ibm.websphere.security.auth.WSLoginFailedException: CWWIM4537E  No principal is found from the 'IDM' principal name

 

Or

 

ERROR com.workpoint.monitor.support.AlertQueryThread  - Unable to query alert instances due to RemoteException.java.rmi.RemoteException: CORBA OBJECT_NOT_EXIST

 

Environment:

Identity Minder R12.5

WebSphere 8.5

OS Windows 2008 SP2

 

Cause:

When installing Identity Minder (IM) on WebSphere, customers are advised to turn off the Global Security setting. After the installation completes successfully, some customers want to turn the Global Security setting back on to protect the WebSphere Admin Console. When workflow is enabled, WebSphere uses the default “IDM” user and its password from the ra.xml file under <IBM WebSphere path>\AppServer\profiles\AppSrv01\installedApps\<cell name>\iam_im.ear\workflow.rar\META-INF for authentication.

<Please see attached file for image: figure1.png>

 

Resolution:

1. Use pwdtools.bat or pwdtools.sh to encrypt the password value:

<Please see attached file for image: figure2.png>

 

2. Create an IDM user in WebSphere that matches the above username and password:

<Please see attached file for image: figure3.png>

3. Add the “IDM” user to the CORBA naming service users:

<Please see attached file for image: figure4.png>

Click the Add button:

<Please see attached file for image: figure5.png>

Add permission to the user:

<Please see attached file for image: figure6.png>

 

Note: Make sure the Read, Write, Create, and Delete roles are all selected. Missing any one role will result in CORBA errors.

<Please see attached file for image: figure7.png>

The "IDM" user should look like this in the WebSphere Admin Console:

<Please see attached file for image: figure8.png>

 

4. Save the change and restart WebSphere and the IM application.

5. View workflow and verify that workflow processes are displayed properly.

6. Check SystemOut.log for any CORBA errors.
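
One way to run the check in step 6, added here as an example (not part of the original article or of any CA or IBM tooling): it scans SystemOut.log text for the two error signatures quoted under Symptoms and counts only lines written after the last server start, so errors logged before the fix are ignored. The start-banner text, the sample log lines, the function names and the mapping of each error to a resolution step are assumptions of this example.

```python
import re

# Signatures quoted in the Symptoms section of this article.
SIGNATURES = {
    "missing_principal": re.compile(r"CWWIM4537E.*?'([^']+)' principal name"),
    "corba_not_exist": re.compile(r"CORBA OBJECT_NOT_EXIST"),
}
# Assumption: banner text WebSphere writes to SystemOut.log at each server start.
START_BANNER = "Start Display Current Environment"


def errors_since_last_start(lines):
    """Return {signature: [(line_no, detail), ...]} for lines after the last start banner."""
    lines = list(lines)
    start = 0
    for i, line in enumerate(lines):
        if START_BANNER in line:
            start = i
    hits = {name: [] for name in SIGNATURES}
    for no, line in enumerate(lines[start:], start=start + 1):
        for name, rx in SIGNATURES.items():
            m = rx.search(line)
            if m:
                detail = m.group(1) if m.groups() else line.strip()
                hits[name].append((no, detail))
    return hits


def verdict(hits):
    """Map findings to the resolution step above that addresses them (this example's reading)."""
    out = []
    if hits["missing_principal"]:
        users = sorted({d for _, d in hits["missing_principal"]})
        out.append("step 2: no WebSphere user for principal(s) " + ", ".join(users))
    if hits["corba_not_exist"]:
        out.append("step 3: check CORBA naming service roles for the IDM user")
    return out or ["clean since last restart"]


# Constructed sample log (not from a real system): one error before a restart, one after.
SAMPLE = """\
[5/24/19 10:00:01:000 EDT] 00000001 ManagerAdmin  I   ************ Start Display Current Environment ************
[5/24/19 10:05:12:101 EDT] 0000004a SystemOut     O javax.naming.AuthenticationException: Login failed: com.ibm.websphere.security.auth.WSLoginFailedException: CWWIM4537E  No principal is found from the 'IDM' principal name
[5/24/19 11:30:00:000 EDT] 00000001 ManagerAdmin  I   ************ Start Display Current Environment ************
[5/24/19 11:34:45:550 EDT] 00000052 SystemOut     O ERROR com.workpoint.monitor.support.AlertQueryThread  - Unable to query alert instances due to RemoteException.java.rmi.RemoteException: CORBA OBJECT_NOT_EXIST
""".splitlines()

if __name__ == "__main__":
    print("\n".join(verdict(errors_since_last_start(SAMPLE))))
```

To check a real server, pass the lines of the profile's SystemOut.log to `errors_since_last_start` in place of `SAMPLE`.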

 

Environment

Release: CAPUEL99000-12.5-Identity Manager-Blended upgrade to Identity &-Access Mgmt Ente